A system and method for transferring messages securely
over a computer network which includes the steps of input- 
ting the message to be transmitted at a first device and then 
encrypting the message at the first device. An address for a 
dynamically addressed server is obtained and the first device 
is connected to the dynamically addressed server. The 
encrypted message is transmitted from the first device to the 
server and the message is received at the dynamically 
addressed server. The message is transmitted from the server 
to a second device and then the message is decrypted at the 
second device.

SECURE ELECTRONIC MAIL SYSTEM

This application is a continuation-in-part of U.S. patent
application Ser. No. 08/892,982 filed Jul. 15, 1997, now U.S. 
Pat. No. 5,970,149 and entitled "Combined Remote Access 
and Security System"; which is a continuation-in-part of 
U.S. patent application Ser. No. 08/752,249, filed Nov. 19, 
1996, and entitled "Combined Remote Access and Security 
System", now abandoned.

REFERENCE TO MICROFICHE APPENDIX 

This application is not referenced in any microfiche 
appendix. 

BACKGROUND OF THE INVENTION 

1. Field of the Invention 

The present invention is directed to an apparatus and 
method for a secure electronic mail communication system. 
More particularly, the invention is directed for use in com- 
municating over networks where secure information 
exchange is required. The invention has utility in applica- 
tions such as person-to-person communication over network 
systems, communications over the Internet, interbusiness 
network communications where security is required, and the 
like. 

2. Prior Art 

The use of keys for secure communications is well 
known. Secure communication systems, as well as key 
systems, are shown in U.S. Pat. No. 4,182,933, issued to 
Rosenblum on Jan. 8, 1980, entitled "Secure Communica- 
tion System With Remote Key Setting"; U.S. Pat. No. 
4,310,720, issued to Check, Jr. on Jan. 12, 1982, entitled
"Computer Accessing System"; U.S. Pat. No. 4,578,531, 
issued to Everhart et al., on Mar. 25, 1986, entitled "Encryp- 
tion System Key Distribution Method and Apparatus"; U.S. 
Pat. No. 4,965,804, issued to Trbovich et al. on Oct. 23, 
1990, entitled "Key Management for Encrypted Packet- 
Based Networks"; U.S. Pat. No. 5,204,961, issued to Barlow 
on Apr. 20, 1993, entitled "Computer Network Operating 
With Multi-Level Hierarchial Security With Selectable 
Common Trust Realms and Corresponding Security Proto- 
cols"; and U.S. Pat. No. 5,416,842, issued to Aziz on May 
16, 1995 entitled "Method and Apparatus For Key- 
Management Scheme For Use With Internet Protocols At 
Site Firewalls". 

U.S. Pat. No. 4,182,933, issued to Rosenblum on Jan. 8, 
1980, discusses a "Secure Communication System With 
Remote Key Setting". The Rosenblum '933 patent describes 
a system wherein a first subscriber communicates with a key 
distribution center to get an updated key to initiate secure 
communications with a second subscriber. An overview of 
the system shows that the user dials a telephone number into 
the first subscribing unit. The first subscribing unit then 
places the telephone number into temporary memory storage.
The first subscriber then retrieves its initial caller
variable from memory and places it into a key generator. The 
first subscriber then retrieves the number of the key distri- 
bution center (KDC) from its memory and dials the number. 
Once a connection has been established the first subscriber 
sends its caller ID as well as the caller ID of the telephone 
number being called to the KDC. This information is not yet 
transmitted in a secure manner. 

Once the KDC has received the information from the first 
subscriber, the KDC looks up the caller variable for both the 
first subscriber and for the telephone number being called.
The KDC then generates a new caller variable for the first
telephone number. The KDC then transmits the caller variable
for the number being called and a new caller variable for
the first subscriber, using a secure transmission controlled by
the initial caller variable. If this transmission is successful,
then the KDC will replace the old caller variable in its table
format with a new caller variable and break the connection.
Once the first subscriber has received and deciphered the
caller variable for the number to be called and its new key
caller variable, it will replace the old and used initial caller
variable key with the new caller variable key. The first
subscriber will then send the key for the number to be called
to the key generator, retrieve the telephone number to be
called, and dial the telephone number. The first subscriber
will then transmit any information input by the user to the
second subscriber using the second subscriber key. The
second subscriber will receive information that has been
encoded with the second subscriber key and will decode the
information and transfer it on to the second user. In an
alternative embodiment, after the phone call between the
first subscriber and second subscriber, the second subscriber
will call and get a new key from the KDC. In this alternative
embodiment, both the key for the first subscriber and for the
second subscriber will be changed out on every telephone
call.

U.S. Pat. No. 4,310,720, issued to Check, Jr. on Jan. 12,
1982 discloses a "Computer Accessing System". The specification
discloses a method for communicating between an
access unit and a computer. The user enters his password
into an input device which is connected to an access unit.
The access unit generates a pseudo random access key from
the password that is entered. The access unit then sends the
access unit number and the generated access key to the
computer controller for access to the computer system. The
computer controller receives the access unit number and
access key. The computer controller then verifies the access
unit number. If the access unit number is properly verified,
the computer controller will then compare the access code to
the expected access code listed in a table in the computer's
memory. This expected access code is generated using a
congruent pseudo-random decoding algorithm. If the access
key code and the expected code match, then the computer
controller will establish a link between the access unit and
the computer.

The access unit and the computer will talk through an
encoded communication system. Both the access unit and
the computer will use a randomly generated encryption key
for encoding and decoding the communication. This key is
independently generated by both the access unit and the
computer and is not transmitted over the access unit to
computer link. After the termination of the call between the
access unit and the computer, the computer will generate and
store the next access key number for that particular access
unit.

U.S. Pat. No. 4,578,531 issued to Everhart et al. on Mar.
25, 1986 discloses an "Encryption System Key Distribution
Method and Apparatus". This system provides a secure
method for communication between a terminal "A" and
terminal "B" by using a remote key distribution center. An
initial signal is sent from terminal "A" to terminal "B" to
initiate the process of generating a secure communication
line. Terminal "A" then generates a new call set up key in
preparation for communication with the key distribution
center, and a partial session key which will be transmitted
through the key distribution center to terminal "B". Terminal
"A" then updates its verification information in preparation
for communication with the key distribution center. Terminal
"A" then initiates the connection with the key distribution
center to which it sends its terminal address and the
terminal "B" address and an encrypted message including
the two generated keys and the verification information. At
this point, terminal "A" will wait for the processing by the
key distribution center.

The key distribution center will read the address information
from the signal sent from terminal "A" and use this
to access a de-cryption key previously sent in communication
with terminal "A". The message from terminal "A" will
then be de-crypted and the verification information will be
updated. The key distribution center will then generate a
bidirectional asymmetric encryption/de-cryption key pair.
The first part of this key pair will be sent to terminal "A",
and the second part of the key pair will be sent to terminal
"B". A similar communication will happen with terminal
"B".

The message to terminal "A" will consist of a subsequent 
call key for the next communication with a KDC, a partial
session key which it received from terminal "B", verification 
information, and two other variables "Y" and "Q". These 
five pieces of information will be encrypted using the call set 
up key for the present communication with terminal "A" and 
the information will be transmitted to terminal "A". A 
similar encrypted message will also be sent to terminal "B" 
from the KDC. 

Terminal "A" will de-crypt the message from the KDC
and verify that the information is correct. Terminal "A" will
then store the new communication key for the next communication
with the KDC, take down the channel to the
KDC, and establish a communication channel with terminal
"B". A similar process will happen at terminal "B". At this
point, terminal "A" and "B" will be able to communicate
securely using the partial keys that were exchanged through
the KDC. Terminals "A" and "B" can then use a random
number and the variables "Y" and "Q" to create a new key
which may be used to communicate securely between terminals
"A" and "B". By using the variables and a random
number to generate a new communication key, a secure
communication encryption message may be employed
which cannot be known by any outsiders to terminal "A" and
"B", including the KDC.

U.S. Pat. No. 4,965,804, issued to Trbovich et al., on Oct.
23, 1990, discloses a "Key Management For Encrypted
Packet Based Networks". This method of key management
uses a key distribution center for sending keys to remote
locations so that a secure communication can be made.
Specifically, the system is designed to be compatible with
X.25 type packet switching networks. This compatibility
requires a balanced transmission which is implemented by a
transparent device between the source DTE and second
DTE. The source DTE sends a transmit request to the
transparent device which responds with a dummy signal
back to the source DTE. The transparent device then contacts
the key management system and obtains a key. A
similar key is sent to the transparent device for the second
DTE. The transparent devices for the first DTE and the
second DTE then establish a communication network with
an encrypted signal transfer, and finally the source DTE talks
to the second DTE through the transparent devices and the
encrypted connection.

U.S. Pat. No. 5,204,961, issued to Barlow on Apr. 20,
1993, discloses a "Computer Network Operating With Multi-
Level Hierarchial Security With Selectable Common Trust
Realms and Corresponding Security Protocols". The invention
involves a method for setting up network communications
between two trusted computer systems. Each trusted
computer has a common set of protocols for the protection 
of data contained therein. Thus, if a user for a trusted 
computer system attempts to send data to a non-trusted 
computer system, then the trusted computer system will stop 
the message transfer and will not allow the communication 
to occur. This system operates as a method for two trusted 
computers to talk over a network which is not physically 
secure against interlopers. Each computer that is a member 
of a specific trust realm enforces a predefined security policy 
and defines security levels for the data contained within the 
computer. Before a trusted computer transmits a specified 
message, the trusted computer checks the trust realm table to 
verify that both the transmitting and receiving computers are 
part of at least one common trust realm. If both computers 
are part of a common trust realm, then the message will be 
transferred using the appropriate protocol for that trust 
realm. If the computers are not both members of the trust 
realm, then the message will not be transmitted. The com- 
munication between two trusted computers consists of a 
message which is transmitted as a protocol data unit which 
includes a sealed version of the message, authenticated 
identifiers for the sending system and user, the message
security level label, and an identifier for the selected trust 
realm. The transmitted message is then received, processed 
for validity and if valid, the message is processed within the 
receiving computer. 

U.S. Pat. No. 5,416,842, issued to Aziz on May 16, 1995,
discloses a "Method and Apparatus For Key-Management
Scheme For Use With Internet Protocols at Site Firewalls".
This system consists of separate private networks which
communicate over an Internet type connection through
firewalls. A private network "I" communicates through a
firewall "A" to the Internet where the message is transferred
to firewall "B" and then decoded and sent on to another
private network "J". This allows private network "I" and
private network "J" to communicate in a secure encapsulated
message while having firewall protection. The invention
begins with a source node "I" sending a datagram to the
firewall "A". Firewall "A" has a secret value "SA" and a
public value "PA". Similarly, firewall "B" is provided with
a secret value "SB" and a public value "PB". In this manner
both firewall "A" and firewall "B" can acquire a shared
secret value "SAB" without having to communicate. The
communication is initiated by providing firewall "A" and
firewall "B" with initial values for all other secure firewalls
on the network. Firewalls "A" and "B" then use secret value
"SAB" to create a key "KAB". The transmitting firewall
then generates a random key "KP" which is used to encrypt
the received data. The key "KP" and the encrypted data are
then all encrypted by the public key "KAB" for transmission
over the Internet. Firewall "B" will then use key "KAB" to
de-crypt the message for the private key "KP" and de-crypt
the data that has been transmitted. In this manner the
transmitting firewall can constantly be changing the private
key "KP" which increases the security of the system.

The above-described key distribution and encryption sys- 
tems suffer from the drawbacks of using known communi- 
cation pathways, having known addresses, and some sys- 
tems even transfer secure key information over the 
communication lines. 

Hence, there is a need for an improved communication 
method which allows for encrypted information transfer to 
dynamic locations without transmitting the keys over the 
communication line. 

Additionally, there remains a need for a mechanism in 
which to log on to a computer system securely without 
passing a password.



for multiple servers which can be contacted to obtain the 
dynamic address of another server. 

A still further embodiment of the present invention uses a
remote administrator to control access both to the first server 
for obtaining the dynamic addresses, and to the second 
server for message transfers. 

In accordance with another embodiment of the present 
invention, the user access to the secure name server is 
controlled by a remote administrator which creates, autho- 
rizes and deletes valid user ID/password combinations. 

In accordance with another example of the present 
invention, the system allows for an electronic mail transfer 
between two users where a direct communication between 
the first user and second user never occurs. In this manner, 
two users can communicate without actually having a direct 
connection which is detectable by other parties. 

The principal object of the present invention is to provide 
an easy to use, protected, electronic mail system for
communication.

Another object of the present invention is to allow for the 
establishment of multiple electronic mail servers for differ- 
ent user categories. 

A still further object of the present invention is to provide
for a system which can communicate on both secure and
non-secure electronic mail servers. 

Yet another object of the present invention is to provide 
for a program which allows for automatic and immediate 
deletion of electronic mail messages once they have been 
sent. 

Other objects and further scope of the applicability of the 
present invention will become apparent from the detailed 
description to follow, taken in conjunction with the accom- 
panying drawings wherein like parts are designated by like 
reference numerals. 

DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a schematic view of a network communication 
arrangement utilizing a secure electronic mail system of the 
present invention. 

FIG. 2 is a flow chart representation of the process to 
remotely administrate electronic mail accounts. 

FIG. 3 is a flow chart representation of the process used 
to send mail. 

FIG. 4 is a flow chart representation of a process used to 
retrieve mail. 



general operation of the overall system will be outlined in 
the following discussion. 

Initially, the secure electronic mail server 16 will establish
a link to a connecting network 22 and obtain a dynamic
address. The dynamic address is standardly assigned by the
network to a user of the network. An example of a dynamic
address is a dynamic Internet protocol address for communicating
over the Internet or world wide web. The secure
electronic mail server 16 will then contact the secure name
server 14 which has a fixed address on the connecting
network 22. The secure electronic mail server 16 will then
notify the secure name server 14 of the secure electronic
mail server's 16 dynamic address on the connecting network
22. The communication between the secure electronic mail
server 16 and the secure name server 14 will then be
discontinued.

It will be understood that the present invention will be
applicable to various types of networks.

Next, the remote administrator 20 will log on to the
connecting network 22 and communicate with the secure
name server 14. Note that this communication is a protected
communication to allow for a protected information transfer.
The secure name server 14 transfers the dynamic address of
the secure electronic mail server 16 to the remote administrator
20. The communication between the secure name
server 14 and the remote administrator 20 is then discontinued.

In an alternate embodiment, the remote administrator 20
will establish a logon protocol for users to access the secure
name server 14. The remote administrator 20 will then have
the information to pass on to users of the protected communication
network 10 to allow them to access the secure
name server 14 through their logon protocol. In this manner,
access to the secure name server 14 is controlled by the
logon protocol, and only users authorized by the remote
administrator 20 will be allowed to access the secure name
server 14.

After receiving the dynamic address of the secure electronic
mail server 16, the remote administrator 20 will
initiate a communication with the secure electronic mail
server 16 over the network 22. Once again, this is a protected
information transfer communication. During this
communication, the remote administrator 20 will create,
change, and delete authorized user ID/password combinations
for accessing the secure electronic mail server 16. The
communication between the remote administrator 20 and the
secure electronic mail server 16 will then be discontinued.

As different users require access to the system, the remote 
administrator 20 will provide the appropriate logon protocol 
and/or authorized ID/password combinations to the users to 
allow for access to the protected communication network 
10. In this example, both the first user 12 and the second user 
18 contact the remote administrator 20 for authorized logon 
protocol and user ID/password combinations. 

The first user 12 now wishes to write and send an 
electronic mail communication to the second user 18 over 
the protected communication network 10. The first user 12 
uses his unique logon protocol combination to access the 
secure name server 14 over the connecting network 22. Once 
again, this is a protected communication. The first user 12 
then obtains the dynamic address of the secure electronic 
mail server 16 from the secure name server 14. The com- 
munication between the first user 12 and the secure name 
server 14 is then discontinued. 

The first user 12 now uses his ID/password combination 
and the dynamic address to log onto the secure electronic 
mail server 16. Once the first user 12 has logged on to the 
secure electronic mail server 16, the first user's 12 electronic 
mail message is then protected by a protection method, such 
as encryption, and sent on the communication network 22 to 
the designated recipient's box on the secure electronic mail 
server 16. In this example, the information would be stored 
in the second user's box. The communication between the 
first user 12 and secure electronic mail server 16 is then 
broken. 

At random intervals, the second user 18 will use his 
separate logon protocol to obtain the dynamic address of the 
electronic mail server 16 from the secure name server 14 and 
then access the secure electronic mail server 16 with his 
ID/Password combination to see if there are messages for
the second user 18. If there are messages in the second user's 
box on the secure mail server 16, the secure electronic mail 
server 16 will notify the second user 18 that there are 
messages available for retrieval. The secure electronic mail 
server 16 will then use a protected transfer to send the 
electronic mail message from the first user 12 to the second 
user 18 over the connecting network 22. The communication 
between the second user 18 and the secure electronic mail 
server 16 is then discontinued. Thus, a message has been 
transferred from the first user 12 to the second user 18 
without a direct connection between the first user 12 and the 
second user 18. 

It will also be understood that, in an alternate 
arrangement, the secure name server and the secure mail 
server may reside on the same computer system. 

The aforementioned method of communication provides 
several levels of communication protection against outside 
interference for unwanted monitoring. 

First, the first user 12 and the second user 18 never 
communicate directly. Thus, an outside person must monitor 
multiple communication pathways to detect communication 
between the first user 12 and the second user 18. 

Second, because the secure electronic mail server uses a
dynamic address, the communication pathways to and from 
the secure electronic mail server 16 are constantly changing. 
This increases the difficulty of monitoring communication 
with the secure electronic mail server 16. 

Third, because the dynamic address of the secure elec- 
tronic mail server 16 must be obtained from the secure name 
server 14, the address of the secure name server 14 must be 
known.

Fourth, because the secure name server 14 requires a
proper logon protocol combination, the dynamic address of the
secure electronic mail server 16 is not easily obtained. 

Fifth, because the secure name server 14 transfers the 
dynamic address of the secure electronic mail server 16 in an 
encrypted message, a first level of encryption must be 
broken just to obtain the dynamic address for the secure 
electronic mail server 16. 

Sixth, because a communication between a user and the 
secure mail server 16 is protected, a second level of encryp- 
tion must be broken to obtain the message. 

Seventh, because the users can be using an additional 
protection or encryption system that is unknown to the 
secure networks, an additional level of protection can be 
used between the first user 12 and the second user 18. This 
additional level must also be broken to obtain the message 
text. 

Eighth, because the entire system is controlled by a 
remote administrator 20, logon protocols, passwords, and 
keys can be constantly updated and changed. Any compro- 
mised logon protocol or ID/password combinations can be 
immediately deleted from the system by the remote admin- 
istrator 20. 

In addition, multiple applications of the present system 
could provide for a system where the communication 
between the remote administrator 20 and a secure electronic 
mail server 16 would also be an indirect communication 
through another electronic mail server 16. 

While these descriptions of protection levels illustrate one 
example of the present invention, it is to be understood that 
the different levels of protection or additional levels of 
protection may be implemented in conjunction with the 
present invention to further enhance security. 

The sub-processes for communicating throughout the 
network include the process to administrate electronic mail 
accounts, the process to send electronic mail, the process to 
retrieve mail, the process to register a machine with a secure 
name server, the process to obtain a dynamic address from 
alternate secure name servers, the process to get an address 
from a secure name server, and the process to connect to a 
secure electronic mail server. 

Each of the sub-processes for communicating will be 
given further detail in the following discussion. 

Process to Administrate Electronic Mail Accounts 

FIG. 2 of the drawings outlines the process by which the 
remote administrator sets up the user ID/password combi- 
nations. The process starts 30 by initializing the parameters 
necessary for operation of the process. The system will then 
check a first secure name server 32 for the dynamic address 
of the secure mail server. Block 34 represents the system 
checking to see if it properly obtained the dynamic address of
secure mail server from the first secure name server. If the 
system is successful in obtaining the secure mail server 
dynamic address from the first secure name server, the 
system will move on to connect to the mail server as shown at
block 36.

If the system is not successful in obtaining the dynamic 
address of the secure mail server from the first name server 
as shown in block 34, the system will move on to attempt to 
obtain the dynamic address of the secure mail server from 
the second secure name server, as shown in block 48. As 
shown in block 50, the system will check to see if it has now 
successfully retrieved the secure mail server dynamic 
address from the second secure name server. If the system is 
ID/passwords as shown in block «. ™™™«^~ s 15 either te first name server or the second secure name

trTwOl then disconnect from the secure mail server as ^^^^te^enorasri^mbloAm 

T^tblock 44. The system will then end the process to Ite - JJ^ ^ ^ to ^ ^ „ ^ n block m 

remotely adrninistrate as shown in block 46. 0 nce the user or retrieval program has properly connected 

Asimilar process could be adapted to change the logon « ^ ^ ^ el mail program 

protocol for the secure name servers. 20 will check to see if mail is available as shown in block *5. 

p^UsedtoSend^mcMail jS^^S 

^a^ro7eradonofmeJro«ss.Tneuserv^theD^ 1 ^ io Wock 106 . m retrieval program _wdl to 
!K^lb^toiec« m i«eto resWremenecessaryp arameters toP roperl y endthispro«ss 

EdSSTS^ollte^iBiilw^** as shown in block 108. 

r/n«rtTcheckin g to see it properly obtained the dynamic k 98 lha , mafl b ^ available, the 

^"SS 30 reS pro^- will connect from the secure mail 
mt If the user is successful m obtaining the secuK mail ^ ^ fa ^ u4 

If the system is not successful in obtaining the dynamic Server 
address of the secure mail server from the first :m *rver when a admi nistrator, or secure 

as shown in block 64, the system wdl move on to geUhe • onto me system ^ a dynamic 

dynamic address of the secure ^ ™ ""^SS 1^£mvmm^c«^^Vio^^ 
^renameserver,asshownmbtock74.As^ov^btock dd^^e ^ ^ ^ 

^The*^ 40 "dress toU, secure name server is outlined as 

-^^^ Tbown inUockm. rearing .Umac^e 

will send back the report error as shown "I*" w !Tui name server is then established. If the sessions 
return the error code to the operator as shown in blocK w» a secure J^e*^ block ^ then te 

user ^.^-.^MriS 
obtain the dynamic address of the seme Jtocwm M ^ W and then 

server, it will connect to the secure mau server usmg nam ^ ^ ^ ^ „ shown n block 134 

disconnects from the secure electronic mail «™ r *^™ ^ to Obtain a Dynamic Address from 
at block 70, and ends the process as shown at blocK ^^^^^^^JhmSBSSi 

FIG. 4 of the drawings outlines the .process by wWcha ,0 J^J^^^S user will use his togon 
user retrieves mail from the secure mad server. The process *cu^ a first secure name server 140 for the 

SnSrt 90 by initializing the P^f^JZ S address of the secure mail server. Block 141 

of the process ^ ™ ^ ^ tT dTn^ 
to check a first secure name server 92 for the dynamic f { ^ ^ from the first secure 

SdS o the secure mail server. Block 94 ^represents Ae 65 ^^^^^^bd^^^ 
Sring to see it properly obtained ^dynaxrn name ^ ^ ^ ^ ^ ^ Dame 

address of secure mail server from the first secure nam 
server, the system will return the dynamic address to the user
program as shown at block 142. 

If the user is not successful in obtaining the dynamic 
address of the secure mail server from the first name server 
as shown in block 141, the user will move on to get the 
dynamic address of the secure mail server from the second
secure name server, as shown in block 143. As shown in 
block 144, the user will use its logon protocol to check to see
if it has now successfully retrieved the secure mail server 
dynamic address from the second secure name server. If the 
user is successful then the system will return the dynamic 
address to the user program as shown in block 142. If the 
user has not successfully obtained the dynamic address of 
the secure mail server from either the first name server or the 
second secure name server, the system will send back the 
report error as shown in block 145 and return the error code 
to the user as shown in block 146. 

Process to Get an Address from a Secure Name 
Server 

FIG. 7 of the drawings outlines the process by which an 
unknown address, such as the dynamic address of a secure 
mail server, is obtained from a secure name server. The 
process starts by selecting the target secure name server 
machine by its fixed address/name as shown in block 150.
The user then provides the secure name server with its logon 
protocol combination as shown at block 152. If the user 
logon combination is verified then a session is established 
with a secure name server as shown at block 154. As shown 
at block 156, if the session has not been correctly established 
then the secure name server will report an error code as 
shown at block 178 and return the error code to the user as 
shown at block 180. 

Returning to block 156, if the session has been correctly 
established as shown at block 156, then the user will be 
allowed to request the address for the named machine at the 
client site as shown at block 158. 

The system will then perform a series of checks to see if 
the named machine has been properly identified. If the 
named machine has not been properly identified, shown at 
block 160, then the system will be disconnected as shown at 
block 172, move on to reporting the error code as shown at 
block 178, and continue processing. 

If the named machine has been properly defined as shown 
at block 160, then the system will check to see if the named 
machine has properly registered its address shown at block 
162. If the address has not been correctly registered, then the 
system will move on to disconnect session as shown at block 
174, report the error code as shown at block 178, and 
continue processing. If the named machine has properly 
registered its address as shown at block 162, then the 
machine will check to see if the registration is up to date as 
shown at block 164. 

If the registration is not properly up to date as shown at 
block 164, then the system will disconnect the session as 
shown at block 176, move on to report the error code as 
shown at block 178, and continue processing. 

If the system registration has been properly updated as 
shown at block 164, then the system will return the obtained 
address as shown in block 168 and disconnect the session as 
shown in block 166. The system will then end processing as 
shown at block 170. 
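The lookup flow of FIG. 6 and FIG. 7, written out as an added example that is not part of the patent: two in-memory name servers, the logon check, the three registration checks, and failover from the first server to the second. The error-code strings, the 300-second freshness window, the password derivation and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

MAX_AGE_S = 300  # assumed freshness window; the patent gives no figure
SALT = b"constructed-salt"  # constructed; use a per-user random salt in practice


def kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)


class NameServerError(Exception):
    """Error code reported at block 178 and returned at block 180."""


class SecureNameServer:
    def __init__(self, logons, registry):
        self.logons = logons      # logon ID -> derived password key
        self.registry = registry  # machine name -> (address or None, registered_at)

    def get_address(self, logon_id, password, name, now):
        # Blocks 152-156: verify the logon combination before any lookup.
        expected = self.logons.get(logon_id, b"")
        if not hmac.compare_digest(kdf(password), expected):
            raise NameServerError("SESSION_NOT_ESTABLISHED")
        # Block 160: the named machine must be defined.
        if name not in self.registry:
            raise NameServerError("NAME_NOT_DEFINED")
        address, registered_at = self.registry[name]
        # Block 162: it must have registered an address.
        if address is None:
            raise NameServerError("ADDRESS_NOT_REGISTERED")
        # Block 164: the registration must be up to date.
        if now - registered_at > MAX_AGE_S:
            raise NameServerError("REGISTRATION_STALE")
        return address  # block 168


def resolve_mail_server(servers, logon_id, password, name, now):
    """FIG. 6: ask each name server in turn; fail only if all of them fail."""
    errors = []
    for server in servers:
        try:
            return server.get_address(logon_id, password, name, now)
        except NameServerError as exc:
            errors.append(str(exc))
    raise NameServerError("NO_ADDRESS: " + ", ".join(errors))  # blocks 145-146


# Constructed sample data: first server holds a stale entry, second a fresh one.
LOGONS = {"alice": kdf("correct horse")}
FIRST = SecureNameServer(LOGONS, {"mail": ("203.0.113.7", 1000)})
SECOND = SecureNameServer(LOGONS, {"mail": ("203.0.113.42", 1900)})
```

With `now=2000` the first server's entry is stale, so the resolver falls through to the second server, which is the case the freshness check at block 164 exists to catch.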

Process to Connect to Secure Electronic Mail Server

FIG. 8 of the drawings outlines the process by which a 
connection to a secure electronic mail server is made. The 
process begins by the user selecting the secure electronic
mail server using the current dynamic address as shown at 
block 190. The user will then provide the user ID/password 
combination for the target secure mail server as shown at
block 192. The user will then attempt to establish a session
with secure electronic mail server as shown at block 194. 
The system will check to make sure that the session has been 
correctly established as shown at block 196. 

If the session has been correctly established as shown at
block 196, then the system will return to processing as
shown at block 198 and allow the user to continue. 

If the communication session has not been correctly 
established as shown at block 196, then the system will 
report an error as shown at block 200 and forward the error
back to the user as shown at block 202.

The preferred embodiment of the present invention uses 
multiple secured name servers to allow for access to the 
secure mail server. However, it is also envisioned that a 
single secure name server or additional secure name servers
could be used with this invention. It is also envisioned that
the secure name server and the secure mail server could
reside on the same machine. In this manner, two separate
communication lines would be necessary to allow for the
fixed address of the secure name server while providing for
a dynamic address of the secure mail server.

It is also envisioned that the logon combination and user 
ID/password combination could be identical. 

While the foregoing detailed description has described 
several embodiments of the secure electronic mail system in
accordance with this invention, it is to be understood that the
above description is illustrative and not limiting of the 
disclosed invention. 

The claims and the specification describe the invention 
presented and the terms that are employed in the claims draw
their meaning from the use of such terms in the specification.
The same terms employed in the prior art may be broader in
meaning than specifically employed herein. Whenever there
is a question between the broader definition of such terms
used in the prior art and the more specific use of the terms
herein, the more specific meaning is meant.

While the invention has been described with a certain 
degree of particularity, it is manifest that many changes may 
be made in the details of construction and the arrangement 
of components without departing from the spirit and scope
of this disclosure. It is understood that the invention is not
limited to the embodiments set forth herein for purposes of 
exemplification, but is to be limited only by the scope of the 
attached claim or claims, including the full range of equiva- 
lency to which each element thereof is entitled. 

What is claimed is:

1. A method for transferring messages on a computer
network, comprising:

encoding a message;

inputting said message to be transmitted at a first device;

encrypting said message at said first device;

retrieving an address for a dynamically addressed mail
server by contacting a first secure name server separate
from said mail server using a unique combination
ID/password to retrieve said dynamic address;

connecting said first device to said mail server using said
server dynamic address;

transmitting said encrypted message from said first device
to said mail server;

receiving said message at said mail server;

transmitting said message from said mail server to a
second device;



establishing a link between an electronic mail server and
a network;

retrieving a dynamic address for said electronic mail
server from a separate secure name server using a
unique combination ID/password;

establish a communication with said electronic mail
server across said network;

notifying said secure name server of said dynamic address
of said electronic mail server; and

thereafter discontinuing said communication between
said electronic mail server and said secure name server.

5. The method for transferring messages on a computer
network of claim 4, further comprising:

establishing communication between a remote adminis-
trator and said secure name server on said network;

transferring said dynamic address of said electronic mail
server from said secure name server to said remote
administrator;

discontinuing said communication between said secure
name server and said remote administrator.

6. The method for transferring messages on a computer
network of claim 5, further comprising:

establishing a communication between said remote
administrator and said secure electronic mail server
across said network;

updating ID/password combinations for accessing said
secure electronic mail server;

discontinuing said communication between said remote
administrator and said secure electronic mail server.

7. The method of claim 6, further comprising:

distributing said ID/password combinations to users of
said network.

8. The method of claim 7, further comprising:

establishing a communication between a first user and
said secure name server using a first unique
ID/password combination;



secure electronic mail server across said network;

discontinuing the communication between said first user
and said secure electronic mail server.

10. The method of claim 9, further comprising:

monitoring said secure electronic mail server by a second
user;

notifying said second user that a message is waiting for
said second user;

transferring said message from said secure electronic mail
server to said second user;

discontinuing said connection between said second user
and said electronic mail server.

11. A method for transferring messages on a computer 
network, comprising: 

establishing a link between an electronic mail server and 
a network; 

retrieving a dynamic address for said electronic mail 
server from a separate secure name server using a 
unique combination ID/password; 

establishing a communication with said electronic mail 
server across said network; 

notifying said secure name server of said dynamic address 
of said electronic mail server;

thereafter discontinuing said communication between 
said electronic mail server and said secure name server; 

establishing a communication between a first user and 
said secure name server using a first unique combina- 
tion ID/password; 

transmitting said dynamic address of said secure elec- 
tronic mail server to said first user from said secure 
name server; and 

discontinuing said communication between said first user 
and said secure name server. 

***** 



